/*
* Authorize digest credentials
*/
static inline int authorize(struct sip_msg* _msg, pv_elem_t* _realm,
pv_spec_t * _uri_user, int _hftype)
{
int res;
auth_result_t ret;
struct hdr_field* h;
auth_body_t* cred;
str *uri_user;
str user, domain;
pv_value_t pv_val;
/* get pre_auth domain from _realm pvar (if exists) */
if (_realm) {
if (pv_printf_s(_msg, _realm, &domain)!=0) {
LM_ERR("pv_printf_s failed\n");
return AUTH_ERROR;
}
} else {
/* get pre_auth domain from To/From header */
domain.len = 0;
domain.s = 0;
}
ret = auth_api.pre_auth(_msg, &domain, _hftype, &h);
if (ret != DO_AUTHORIZATION)
return ret;
cred = (auth_body_t*)h->parsed;
/* get uri_user from _uri_user pvap (if exists) or
from To/From URI */
if (_uri_user) {
if (pv_get_spec_value(_msg, _uri_user, &pv_val) == 0) {
if (pv_val.flags & PV_VAL_STR) {
res = aaa_authorize_sterman(_msg, &cred->digest,
&_msg->first_line.u.request.method,
&pv_val.rs);
} else {
LM_ERR("uri_user pvar value is not string\n");
return AUTH_ERROR;
}
} else {
LM_ERR("cannot get uri_user pvar value\n");
return AUTH_ERROR;
}
} else {
if (get_uri_user(_msg, &uri_user) < 0) {
LM_ERR("To/From URI not found\n");
return AUTH_ERROR;
}
user.s = (char *)pkg_malloc(uri_user->len);
if (user.s == NULL) {
LM_ERR("no pkg memory left for user\n");
return AUTH_ERROR;
}
un_escape(uri_user, &user);
res = aaa_authorize_sterman(_msg, &cred->digest,
&_msg->first_line.u.request.method,
&user);
pkg_free(user.s);
}
if (res == 1) {
ret = auth_api.post_auth(_msg, h);
return ret;
}
return AUTH_ERROR;
}
/*
* Authorize digest credentials
*/
static inline int authorize(struct sip_msg* _msg, pv_elem_t* _realm,
pv_spec_t * _uri_user, hdr_types_t _hftype)
{
int res;
auth_cfg_result_t ret;
struct hdr_field* h;
auth_body_t* cred;
str *uri_user;
str user, domain;
pv_value_t pv_val;
cred = 0;
ret = -1;
user.s = 0;
/* get pre_auth domain from _realm pvar (if exists) */
if (_realm) {
if (pv_printf_s(_msg, _realm, &domain) != 0) {
LM_ERR("pv_printf_s failed\n");
return -5;
}
} else {
domain.len = 0;
domain.s = 0;
}
switch(auth_api.pre_auth(_msg, &domain, _hftype, &h, NULL)) {
default:
BUG("unexpected reply '%d'.\n",
auth_api.pre_auth(_msg, &domain, _hftype, &h, NULL));
#ifdef EXTRA_DEBUG
abort();
#endif
ret = -7;
goto end;
case NONCE_REUSED:
ret = AUTH_NONCE_REUSED;
goto end;
case STALE_NONCE:
ret = AUTH_STALE_NONCE;
goto end;
case ERROR:
case BAD_CREDENTIALS:
case NOT_AUTHENTICATED:
ret = AUTH_ERROR;
goto end;
case NO_CREDENTIALS:
ret = AUTH_NO_CREDENTIALS;
goto end;
case DO_AUTHENTICATION:
break;
case AUTHENTICATED:
ret = AUTH_OK;
goto end;
}
cred = (auth_body_t*)h->parsed;
/* get uri_user from _uri_user pvap (if exists) or
from To/From URI */
if (_uri_user) {
if (pv_get_spec_value(_msg, _uri_user, &pv_val) == 0) {
if (pv_val.flags & PV_VAL_STR) {
res = radius_authorize_sterman(_msg, &cred->digest,
&_msg->
first_line.u.request.method,
&pv_val.rs);
} else {
LM_ERR("uri_user pvar value is not string\n");
ret = AUTH_ERROR;
goto end;
}
} else {
LM_ERR("cannot get uri_user pvar value\n");
ret = AUTH_ERROR;
goto end;
}
} else {
if (get_uri_user(_msg, &uri_user) < 0) {
LM_ERR("To/From URI not found\n");
ret = AUTH_ERROR;;
goto end;
}
user.s = (char *)pkg_malloc(uri_user->len);
if (user.s == NULL) {
LM_ERR("no pkg memory left for user\n");
ret = -7;
goto end;
}
un_escape(uri_user, &user);
res = radius_authorize_sterman(_msg, &cred->digest,
&_msg->first_line.u.request.method,
&user);
}
if (res == 1) {
switch(auth_api.post_auth(_msg, h, NULL)) {
default:
BUG("unexpected reply '%d'.\n",
auth_api.pre_auth(_msg, &domain, _hftype, &h, NULL));
#ifdef EXTRA_DEBUG
abort();
#endif
ret = -7;
break;
case ERROR:
case NOT_AUTHENTICATED:
ret = AUTH_ERROR;
break;
case AUTHENTICATED:
ret = AUTH_OK;
break;
}
} else {
ret = AUTH_INVALID_PASSWORD;
}
end:
if (user.s) pkg_free(user.s);
if (ret < 0) {
if (auth_api.build_challenge(_msg, (cred ? cred->stale : 0), &domain,
NULL, NULL, _hftype) < 0) {
LM_ERR("while creating challenge\n");
ret = -7;
}
}
return ret;
}
